UK-based second-hand gaming reseller CeX confirmed they suffered an online security breach that led to the theft two million registered website customers’ personal data, including full names, addresses, email addresses and phone numbers.
“In a small number of instances, it may include encrypted data from expired credit and debit cards up to 2009. No further financial information has been shared,” the company said.
Although financial information was leaked, it was from before 2009 when CeX stopped storing debit and credit card information.
“A small amount of encrypted data from expired credit and debit cards may have been compromised,” reads the release. “We would like to make it clear that any payment card information that may have been taken, has long since expired as we stopped storing financial data in 2009.”
The company assured their customers that they are taking the matter “extremely seriously” and they are “are investigating this as a priority and are taking a number of measures to prevent this from happening again.”
All affected users will receive an informative email. Just in case, account holders for webuy.com should be immediately updated because “although your password has not been stored in plain text, if it is not particularly complex then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services.”